2012-anderson-hidden
findings extracted from this paper
-
Iran has deployed a 'dual-stack' addressing pattern in which the same server receives both a globally routable public IP and an RFC1918 private address, enabling failover between global and domestic routing. DNS records document this for entities ranging from ISPs (acc4.pishgaman.net: 81.12.49.108 / 10.8.218.4) to government organizations (Vice Presidency for Management Development: 10.30.5.163 / 10.30.5.148) and private companies.
-
Iran's nationwide censorship redirect page is hosted at private IP 10.10.34.34, operated by Data Communication Affairs (a subdivision of TCI's Information Technology Company, AS12880). Traceroute data confirms the final public hop before this private host is 195.146.33.29, registered to Data Communication Affairs, and 24 of 27 tested Iranian networks (89%) can reach it.
-
A scan of the full 10.0.0.0/8 block from within Iran identified 45,928 active hosts, including 20,060 on Telnet (port 23), 9,960 on HTTP (port 80), 8,029 on SSH (port 22), and 2,510 on DNS (port 53). Identified participants include TCI, government ministries (Agriculture, Education, Science), universities, and ADSL providers, establishing the private network as a purposefully designed national intranet in place since at least 2010.
-
Using open HTTP proxies distributed across 27 Iranian ASNs, the study confirmed 89% (24/27) of tested networks could reach the private filtering page (10.10.34.34) and 77% (21/27) could reach Imam Reza University's private IP. Of 15 proxies on RFC1918 addresses themselves, 13 (87%) could also reach the filtering page, confirming nationwide — not localized — private-space reachability.
-
Several Iranian domains maintain DNS A records pointing to RFC1918 private addresses that resolve only when queried against Iranian nameservers (IRNIC); the same query to Google's public DNS (8.8.8.8) returns REFUSED. Domains including realm.blizz.ir (→ 10.175.27.120), isftak.ir, and geeges.co.ir exhibit this split-DNS pattern as of September 2012.
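
The dual-stack and split-DNS findings above both come down to classifying A-record answers per hostname and per resolver. The following is an added example, not code from the paper: it labels each name from a set of already-collected DNS observations. The resolver labels, the `public.example` row, and the function names are assumptions; the other sample values are constructed from the figures quoted in the findings.

```python
import ipaddress
from collections import defaultdict

# The three RFC1918 blocks. ipaddress.is_private is broader (loopback, link-local, ...),
# so membership is tested explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(observations):
    """observations: iterable of (resolver_label, name, rcode, [A-record addresses]).
    Returns {name: set of labels}."""
    answers = defaultdict(set)        # name -> every address seen from any resolver
    by_resolver = defaultdict(dict)   # name -> resolver -> (rcode, addresses)
    for resolver, name, rcode, addrs in observations:
        answers[name].update(addrs)
        by_resolver[name][resolver] = (rcode, tuple(addrs))
    result = {}
    for name, per_resolver in by_resolver.items():
        labels = set()
        private = {a for a in answers[name] if is_rfc1918(a)}
        public = answers[name] - private
        if private and public:
            labels.add("dual-stack")      # same host published with both kinds of address
        elif private:
            labels.add("private-only")
        # Split DNS: one vantage point returns an RFC1918 answer, another returns none.
        gives_private = any(any(is_rfc1918(a) for a in addrs)
                            for _, addrs in per_resolver.values())
        gives_nothing = any(rcode != "NOERROR" or not addrs
                            for rcode, addrs in per_resolver.values())
        if gives_private and gives_nothing:
            labels.add("split-dns")
        result[name] = labels or {"public-only"}
    return result

# Constructed observations; resolver labels are assumptions, not measurement data.
SAMPLE = [
    ("unspecified", "acc4.pishgaman.net", "NOERROR", ["81.12.49.108", "10.8.218.4"]),
    ("in-country", "realm.blizz.ir", "NOERROR", ["10.175.27.120"]),
    ("8.8.8.8", "realm.blizz.ir", "REFUSED", []),
    ("8.8.8.8", "public.example", "NOERROR", ["192.0.2.10"]),  # documentation address
]

if __name__ == "__main__":
    for name, labels in sorted(classify(SAMPLE).items()):
        print(f"{name}: {', '.join(sorted(labels))}")
```

The same classification applies to internal zone audits: a name that resolves to an RFC1918 address only from some resolvers is a signal that internal records are being published outside their intended view.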